This article explains how to set up and use the OpenId Connect Integration, so your organization can rely on Single Sign-On, using Ping Identity as the Identity Provider, and require employees to authenticate using your Ping Users directory.
How to connect the OpenId Connect integration
To set up SSO using the OIDC protocol, you need to connect to the OpenId Connect integration. Only organization admins are able to connect integrations on behalf of the organization.
- Go to the App Store.
- Look for OpenId Connect and click on it.
- Now click on "Connect OpenId Connect" to enter the integration setup. Keep this screen open; we'll need to get the values from Ping.
How to set up a new Ping application
To enable Deel to authenticate users via Ping using the OIDC protocol, we'll need to create a new application, following these steps:
- Go to the Ping admin dashboard.
- Navigate to Applications > Applications, and click on the "+" button to create a new application.
- Enter the display name for the application, for example, "Deel", and select the "OIDC Web App" option. Click "Save".
- Now copy the "Client ID" text and paste it in the corresponding field, in Deel's connection settings.
- Do the same for "Client Secret": copy the secret, and paste it in Deel's settings.
- Now click on the "Configuration" tab, expand the "URLs" menu, copy the "OIDC Discovery Endpoint", and paste it in the "Well-Known URL" input in Deel's settings. Then click on "Connect & Go to Settings".
- You'll see the Single Sign-On configurations panel. Enter the name to identify the SSO method in your organization's custom domain, and copy the Redirect URL.
- Go back to Ping, and click on the pencil button under the "Configuration" tab to edit the details for your OIDC application.
- Paste the redirect URL from Deel in the "Redirect URIs" field.
- In "Token Endpoint Authentication Method", select "Client Secret Post".
- Paste the redirect URL from Deel in the "Initiate Login URL" field, and click "Save".
- Go to the "Resources" tab, and click on the pencil to edit the "Allowed Scopes". Select "Email" and click "Save".
- Go to the "Access" tab to edit the group assignments for this application.
- Lastly, enable your application by clicking on the switch button at the top right.
- Back in Deel's SSO configuration, click on "Enable" to enable SSO login.
Once enabled, your organization will require SSO for any employee to log in.
To disable SSO at any given time, you just need to go back to this integration, and click on More > Disconnect.
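Before clicking "Enable", the discovery document behind the "Well-Known URL" can be checked against the settings chosen in the steps above (Client Secret Post, the Email scope, the redirect URL). The following is an added example, not Deel's or Ping's own code; the hostnames, the redirect URL and the discovery document are constructed placeholders, and the "openid" scope check reflects the OIDC requirement rather than a step on this page.

```python
import json
from urllib.parse import urlparse

SUFFIX = "/.well-known/openid-configuration"

# Constructed sample values: placeholder hosts, not real Ping or Deel URLs.
WELL_KNOWN_URL = "https://idp.example.com/env-placeholder/as" + SUFFIX
REDIRECT_URI = "https://sp.example.com/sso/callback"
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://idp.example.com/env-placeholder/as",
  "authorization_endpoint": "https://idp.example.com/env-placeholder/as/authorize",
  "token_endpoint": "https://idp.example.com/env-placeholder/as/token",
  "jwks_uri": "https://idp.example.com/env-placeholder/as/jwks",
  "scopes_supported": ["openid", "profile", "email"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]
}
""")


def check_discovery(doc, well_known_url, redirect_uri):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    # OIDC Discovery: the issuer is the well-known URL minus the fixed suffix.
    if not well_known_url.endswith(SUFFIX):
        problems.append("well-known URL lacks " + SUFFIX)
    elif doc.get("issuer", "").rstrip("/") != well_known_url[: -len(SUFFIX)]:
        problems.append("issuer does not match the well-known URL")
    # Every endpoint the relying party will call must be served over TLS.
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlparse(doc.get(key, "")).scheme != "https":
            problems.append(key + " is missing or not https")
    # When the list is omitted, the spec default is client_secret_basic only.
    methods = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_post" not in methods:
        problems.append("client_secret_post not advertised")
    # scopes_supported is optional; only flag scopes when the list is present.
    scopes = doc.get("scopes_supported")
    if scopes is not None:
        problems += ["scope not advertised: " + s for s in ("openid", "email") if s not in scopes]
    # Redirect URIs must be https and, per OAuth 2.0, carry no fragment.
    parsed = urlparse(redirect_uri)
    if parsed.scheme != "https" or parsed.fragment:
        problems.append("redirect URI must be https without a fragment")
    return problems


if __name__ == "__main__":
    print(check_discovery(SAMPLE_DISCOVERY, WELL_KNOWN_URL, REDIRECT_URI) or "all checks passed")
```

To run it against a real tenant, load the JSON returned by your own "OIDC Discovery Endpoint" in place of the constructed sample.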